Description

In this episode of Between 2 Devs at Postcon, Hannah Seligson (HubSpot) and I dig into a core safety problem with MCP: by default, servers hand LLMs full access to every tool. That is a trust and safety risk if you are serious about agentic systems in production.

We talk about how Postman approaches this with granular, endpoint-level access, so teams can build agents on verified APIs without handing over the keys to everything. We also get into spec-driven development, mock servers, and the trap of over-relying on codegen.